CVE-2019-10370 – org.jenkins-ci.plugins:mask-passwords
Package
Manager: maven
Name: org.jenkins-ci.plugins:mask-passwords
Vulnerable Version: >=0 <2.13.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00128 (percentile 0.33024)
Details
Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin

Jenkins Mask Passwords Plugin 2.12.0 and earlier transmits globally configured passwords in plain text as part of the configuration form, potentially resulting in their exposure.
Metadata
Created: 2022-05-24T16:52:45Z
Modified: 2022-06-28T22:35:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gp67-c7j2-2qg2/GHSA-gp67-c7j2-2qg2.json
CWE IDs: ["CWE-319", "CWE-532"]
Alternative ID: GHSA-gp67-c7j2-2qg2
Finding: F017
Auto approve: 1